Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here. |
| Notices |
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
Are you new to LinuxQuestions.org? Visit the following links:
Site Howto |
Site FAQ |
Sitemap |
Register Now
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
 |
GNU/Linux Basic Guide
This 255-page guide will provide you with the keys to understand the philosophy of free software, teach you how to use and handle it, and give you the tools required to move easily in the world of GNU/Linux. Many users and administrators will be taking their first steps with this GNU/Linux Basic guide and it will show you how to approach and solve the problems you encounter.
Click Here to receive this Complete Guide absolutely free. |
|
 |
|
09-11-2011, 06:39 AM
|
#16
|
|
Member
Registered: Aug 2004
Location: Albany, Western Australia
Distribution: Mageia 2, SME Server 8
Posts: 611
Rep: 
|
Quote:
|
That was posted about already
|
sorry about that
I did look in the news section, didn't think to look in security
floppy |
|
|
|
|
09-11-2011, 07:40 AM
|
#17
|
|
Moderator
Registered: May 2001
Posts: 24,808
|
Quote:
Originally Posted by floppywhopper
sorry about that
|
No, it's actually a good suggestion. Next time I'll symlink such news items to the News and General section. |
|
|
|
|
09-11-2011, 11:25 AM
|
#18
|
|
LQ Addict
Registered: Jul 2003
Location: London, UK
Distribution: Slackware
Posts: 7,466
Rep: 
|
It has happened to the Linux Foundation website, too (and they think it's related).
|
|
|
1 members found this post helpful.
|
|
09-11-2011, 01:48 PM
|
#19
|
|
Guru
Registered: Oct 2005
Location: $RANDOM
Distribution: slackware64
Posts: 12,620
|
So, I guess I have to ask:
How do I get a clean latest version of the kernel ?
The answer might be: You don't, cuz everything is down for maintenance. Right ?
|
|
|
|
|
09-11-2011, 02:10 PM
|
#20
|
|
Moderator
Registered: May 2001
Posts: 24,808
|
...and next to the message displayed on the web site here's a copy of the email that got sent out as a result: http://lwn.net/Articles/458414/ |
|
|
1 members found this post helpful.
|
|
09-11-2011, 03:20 PM
|
#21
|
|
Moderator
Registered: May 2001
Posts: 24,808
|
|
|
|
|
|
09-11-2011, 06:20 PM
|
#22
|
|
LQ Newbie
Registered: Mar 2008
Location: Auckland
Distribution: CentOS (Server), Ubuntu (Desktop), Arch (Laptop)
Posts: 19
Rep:
|
Based on this security breach, I received the following note from linuxfoundation.org
Quote:
Attention Linux.com and LinuxFoundation.org users,
We are writing you because you have an account on Linux.com,
LinuxFoundation.org, or one of the subdomains associated with these domains.
On September 8, 2011, we discovered a security breach that may have
compromised your username, password, email address and other information you
have given to us. We believe this breach was connected to the intrusion on
kernel.org.
As with any intrusion and as a matter of caution, you should consider the
passwords and SSH keys that you have used on these sites compromised. If you
have reused these passwords on other sites, please change them immediately.
We are currently auditing all systems and will update public statements when
we have more information.
We have taken all Linux Foundation servers offline to do complete
re-installs. Linux Foundation services will be put back up as they become
available. We are working around the clock to expedite this process and are
working with authorities in the United States and in Europe to assist with
the investigation.
The Linux Foundation takes the security of its infrastructure and that of
its members extremely seriously and are pursuing all avenues to investigate
this attack and prevent future ones. We apologize for this inconvenience and
will communicate updates as we have them.
Please contact us at info@linuxfoundation.org with questions about this
matter.
The Linux Foundation
|
|
|
|
1 members found this post helpful.
|
|
09-11-2011, 07:17 PM
|
#23
|
|
Member
Registered: Sep 2011
Location: Trinidad & Tobago
Distribution: Debian Squeeze
Posts: 556
Rep:
|
Kernel.org is still down for maintenance.
The other question is: Did this breach reach their backup site in the air before it was caught?
|
|
|
|
|
09-13-2011, 08:18 PM
|
#24
|
|
Member
Registered: Sep 2011
Location: Trinidad & Tobago
Distribution: Debian Squeeze
Posts: 556
Rep:
|
Is it just me or is kernel.org still down for maintenance?
|
|
|
|
|
09-14-2011, 11:17 AM
|
#25
|
|
Senior Member
Registered: May 2004
Location: Belgium
Distribution: Debian, Slackware, Fedora
Posts: 1,111
Rep:
|
Quote:
Originally Posted by H_TeXMeX_H
So, I guess I have to ask:
How do I get a clean latest version of the kernel ?
The answer might be: You don't, cuz everything is down for maintenance. Right ?
|
You can still use the github mirrors. |
|
|
1 members found this post helpful.
|
|
09-14-2011, 11:52 AM
|
#26
|
|
Guru
Registered: Oct 2005
Location: $RANDOM
Distribution: slackware64
Posts: 12,620
|
Quote:
Originally Posted by jens
You can still use the github mirrors.
|
Ah yes, here it is:
https://github.com/torvalds/linux
Now the question is: is it safe / clean / not compromised ? |
|
|
|
|
09-14-2011, 11:59 AM
|
#27
|
|
Senior Member
Registered: May 2004
Location: Belgium
Distribution: Debian, Slackware, Fedora
Posts: 1,111
Rep:
|
Quote:
Originally Posted by H_TeXMeX_H
|
Yes, it's as "clean" as ever...
You can't just change something in git without the the one pulling your request noticing it.
Last edited by jens; 09-14-2011 at 02:13 PM.
|
|
|
|
|
09-14-2011, 03:55 PM
|
#28
|
|
Guru
Registered: Oct 2005
Location: $RANDOM
Distribution: slackware64
Posts: 12,620
|
Quote:
Originally Posted by jens
Yes, it's as "clean" as ever...
You can't just change something in git without the the one pulling your request noticing it.
|
That's good. Hopefully they didn't find a way to hack git. |
|
|
|
|
09-15-2011, 11:25 AM
|
#29
|
|
Member
Registered: Jul 2011
Location: Phoenix, New York
Distribution: Slackware 13.37
Posts: 376
Rep:
|
Is going to kernel.org safe? I tried to download a lib file I needed by using wget, and then I tried looking for it directly just by going to kernel.org, but I got the whole service is down message.
I'm wondering if it was safe to do this or not.
|
|
|
|
|
09-15-2011, 12:24 PM
|
#30
|
|
Guru
Registered: Oct 2005
Location: $RANDOM
Distribution: slackware64
Posts: 12,620
|
I doubt anything from kernel.org is safe ATM.
|
|
|
|
| Thread Tools |
Search this Thread |
|
|
|
Posting Rules
|
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
HTML code is Off
|
|
|
All times are GMT -5. The time now is 08:58 AM.
|
|
|
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.
|
|
 Latest Threads
LQ News
|
|
